[CERT-daily] Tageszusammenfassung - Freitag 2-09-2016

Daily end-of-shift report team at cert.at
Fri Sep 2 18:04:03 CEST 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 01-09-2016 18:00 − Freitag 02-09-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl



*** Chrome 53 Fixes Address Spoofing Vulnerability, 32 Other Bugs ***
---------------------------------------------
http://threatpost.com/chrome-53-fixes-address-spoofing-vulnerability-32-other-bugs/120305/




*** Insecure Redis Instances at Core of Attacks Against Linux Servers ***
---------------------------------------------
Attackers are targeting insecure Redis instances, exposed to the internet, to access Linux servers and delete web files and folders in exchange for ransom.
---------------------------------------------
http://threatpost.com/insecure-redis-instances-at-core-of-attacks-against-linux-servers/120312/




*** Security Update 2016-001 El Capitan and Security Update 2016-005 Yosemite ***
---------------------------------------------
https://support.apple.com/kb/HT207130




*** Safari 9.1.3 ***
---------------------------------------------
https://support.apple.com/kb/HT207131




*** IoT Home Router Botnet Leveraged in Large DDoS Attack ***
---------------------------------------------
We have been monitoring a large-scale Layer 7 HTTPS flood attack (i.e., application level DDoS) against a customer over the past few weeks. It is being distributed ..
---------------------------------------------
https://blog.sucuri.net/2016/09/iot-home-router-botnet-leveraged-in-large-ddos-attack.html




*** Wenn die Physik zur Sicherheitslücke wird ***
---------------------------------------------
Bei der Sicherheitskonferenz Usenix haben Hacker neue Möglichkeiten demonstriert, Systeme mit Angriffen auf die Hardware zu manipulieren.
---------------------------------------------
https://futurezone.at/science/wenn-die-physik-zur-sicherheitsluecke-wird/218.947.582




*** DSA-3658 libidn - security update ***
---------------------------------------------
Hanno Boeck discovered multiple vulnerabilities in libidn, the GNUlibrary for Internationalized Domain Names (IDNs), allowing a remoteattacker to cause a denial of service against an application using thelibidn library (application crash).
---------------------------------------------
https://www.debian.org/security/2016/dsa-3658




*** Mutmaßlicher Angreifer auf Web-Infrastruktur des Linux Kernels festgenommen ***
---------------------------------------------
In den USA ist ein Hacker festgenommen worden, der für Angriffe auf die Linux Foundation und die Webseite kernel.org verantwortlich sein soll. Dabei handelt es sich wohl um den einschlägig bekannten Angriff von 2011.
---------------------------------------------
http://heise.de/-3312595




*** Over 40 million usernames, passwords from 2012 breach of Last.fm surface ***
---------------------------------------------
While Last.fm informed users in 2012, passwords were easily cracked.
---------------------------------------------
http://arstechnica.com/security/2016/09/over-40-million-usernames-passwords-from-2012-breach-of-last-fm-surface/


More information about the Daily mailing list